Debate (Round 2): Metadata and the Fourth Amendment

This post is one in a series of posts from Just Security‘s Jennifer Granick and Guest Author Orin Kerr debating the constitutionality of the NSA’s telephony metadata program. Jennifer’s earlier post can be found here and Orin’s earlier reply can be found here. Please check back later this afternoon for Orin’s reply to this post.

Orin starts his rebuttal by distinguishing between existing Fourth Amendment case law, which he believes allows bulk phone records collection, and our own normative views of what the amendment should mean, perhaps known in less civilized debates with less gentlemanly people as “Jennifer’s wishful thinking.”

The Fourth Amendment is Inherently Normative

But normative considerations, including those associated with bulk data collection, are explicitly part of existing Fourth Amendment jurisprudence. That is why in Kyllo v. United States (2000), the Court acknowledged that the Fourth Amendment limits the power of technology to shrink the realm of guaranteed privacy, noted that hard questions were yet to come, and then answered the easier question by drawing a bright line at surveillance of the home. In City of Ontario v. Quon (2010) the Supreme Court cautioned that it “risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear.” Where it is unclear that courts at present are on sure ground, “prudence counsels caution before the facts in the instant case are used to establish far-reaching premises that define the existence, and extent, of privacy expectations…” When novel technology and civil liberties are at stake, the Court must “proceed with care.” Normative values in favor of individual privacy and dignity and against indiscriminate law enforcement conduct are embedded in the Fourth Amendment and indistinguishable from existing case law.

As the Supreme Court said in Quon, the Fourth Amendment requires us to first understand quiet clearly both the technology and its role in society, in other words, what information does the NSA collect and what can it and does it do with that information? The 1979 case of Smith v. Maryland has not already decided the constitutionality of bulk collection of call detail records on hundreds of thousands of admittedly innocent people. The matter requires understanding, prudence and caution. It certainly deserves more thought than it got from the Foreign Intelligence Surveillance Court (FISC). Shockingly, it appears the FISC never wrote an opinion explaining why it authorized the Section 215 phone records program back in 2006. Its 2008 opinion “memorializing the Court’s reasons” for issuing the production order never mentions the Fourth Amendment. The only FISC opinion we have weighing this momentous question, of whether the NSA could compel disclosure and collect information on hundreds of millions of Americans was almost four pages in an August 2013 opinion.

Orin is right that Courts of Appeals cases have allowed warrantless collection of subscriber information, stored phone records, temporarily assigned IP addresses and credit card information. I think Forrester’s holding that IP addresses of the websites you visit are not protected by the Fourth Amendment is wrong, if only on content/non-content grounds. But, as I pointed out in my initial post, my name, address, and credit card number, phone bill or even IP address history are not comparable to the breadth of information subject to the NSA’s Section 215 bulk collection program. Such comprehensive data creates a picture of all Americans’ private interactions, personal friendships and political affiliations.

Fourth Amendment attorneys tend to distinguish between protected content (like phone calls in Katz) and unprotected non-content, but this shorthand misses the nuance of Smith. There the Court distinguished pen registers from other kinds of non-content information collection, too. “[Pen registers]… disclose only the telephone numbers that have been dialed—a means of establishing communication. Neither the purpose of any communication between the caller and the recipient of the call, their identities, nor whether the call was even completed is disclosed by pen registers (emphasis added).” The Court was showing how limited pen register data are, not distinguishing all metadata from content for constitutional purposes. The Fourth Amendment protects content, even in the hands of third parties. But it does not follow that any and all non-content is therefore unprotected. Smith does not answer the question of whether comprehensive non-content information that reveals such personal details is nevertheless constitutionally protected.

Orin and I agree that public awareness of mass surveillance or bulk data collection does not impact the Fourth Amendment question. I mentioned that most people have never heard of IMEI or IMSI numbers, or much of the information contained in call detail records, because some argue that modern telecommunications users “assume the risk” that information they give to phone companies will not only be used by the company, but also disclosed to others, including law enforcement. In any case, and unlike in Smith, telephone subscribers do not voluntarily convey call detail record information to the telephone company in the ordinary course of business. They have no choice in the matter. Nor are people made aware by their phone bills that the phone company collects such comprehensive data in the ordinary course of business. Nor do customers assume the risk this information will be indiscriminately disclosed. Telephone service agreements and federal law prohibit that.

In any case, the “assumption of risk” is far from absolute. For example, Orin and I agree it doesn’t apply to content. Otherwise phone conversations would never be protected, merely because the telephone company could listen in, letters would never be protected, because the Post Office could open them, emails would not be protected because companies serve ads against the content.

One versus Many

In United States v. Knotts (1983), the Supreme Court expressly left open whether “twenty-four hour surveillance of any citizen of this country” by means of “dragnet-type law enforcement practices” violates the Fourth Amendment’s guarantee of personal privacy, even as it approved warrantless beeper tracking of a particular drug conspiracy. Judge Posner reserved the “momentous issue” of mass GPS tracking in favor of resolving just the case before him.

That is because collecting some records about one person may not be a search, where collecting more detailed records about millions of people would be. Justice Sotomayor’s concurrence in Jones explains why. More information about more people is more invasive of the individuals’ privacy interests and changes the balance of power between government and the governed. Sotomayor says that modern data collection techniques can generate precise, comprehensive information about traditionally private “familial, political, professional, religious, and sexual associations”. She recognizes that where the practice is cheap and surreptitious, it “evades ordinary checks that constrain abusive law enforcement practices”. And she says that when technology has made surveillance easier and less expensive, Fourth Amendment considerations must come in lest the tracking “alter the relationship between citizen and government in a way that is inimical to democratic society.” Standing doctrine may require a litigant show she was subject to an unreasonable search or seizure. But in considering the Fourth Amendment, the Court should and does consider the effect the new technology has on the balance of power between the government and individuals, including those who are not before the court.

Like Orin, I am not a fan of the mosaic theory of search in which a court considers a sequence of government investigatory activity as an aggregated whole to consider at what point the investigation amounts to a warrantless search, or simply consists of smart police work. Having litigated Fourth Amendment cases for years, I don’t believe there’s a predictable and meaningful inflection point. But the bulk collection of phone records is not about a sequence of government activity. There is a program in which everyone’s detailed phone records are collected, and the phone records are highly revealing of traditionally private intimate and personal details. Neither limited budgets nor public oversight serve a limiting role, because this data collection is cheap and surreptitious. It alters the relationship between us and our government. Stopping this indiscriminate program is the very role the Fourth Amendment was designed to play.